o 5 h@sddlmZddlZddlZddlZddlmZmZmZm Z m Z ddl m Z ddl mZmZmZmZddlmZmZmZddlmZmZddlmZd d lmZmZmZd d lmZ Gd d d e!Z"Gddde#Z$ddZ%ddZ&d6ddZ'ddZ(d7ddZ)ddZ*ddZ+ddZ,d d!Z-d"d#Z.d$d%Z/d&d'Z0d(d)Z1d*d+Z2d6d,d-Z3e4d.krddl5Z5d/Z6ed0j78Z9d1Z:e55Z;eqe?d2e55e;e:d3d4e55Z;ee6Z>qe?d5e55e;e:d3d4dSdS)8)print_functionN)bordtobytestostrbchr is_string)Integer) DerObjectIdDerOctetString DerSequence DerBitString)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_info)SHA512SHAKE256)get_random_bytes)EccPoint EccXPoint_curves)CurveIDc@s eZdZdS)UnsupportedEccFeatureN)__name__ __module__ __qualname__rrh/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/Crypto/PublicKey/ECC.pyr7src@seZdZdZddZddZddZdd Zd d Zd d Z e ddZ e ddZ e ddZ ddZddZddZddZddZd0dd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/S)1EccKeyaClass defining an ECC key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar curve: The **canonical** name of the curve as defined in the `ECC table`_. :vartype curve: string :ivar pointQ: an ECC point representating the public component. :vartype pointQ: :class:`EccPoint` or :class:`EccXPoint` :ivar d: A scalar that represents the private component in NIST P curves. It is smaller than the order of the generator point. :vartype d: integer :ivar seed: A seed that representats the private component in Ed22519 (32 bytes), Curve25519 (32 bytes), Curve448 (56 bytes), Ed448 (57 bytes). :vartype seed: bytes cKsdt|}|dd}|dd|_|dd|_|dd|_|dur*|jr*|jj}|r4tdt||tvr>t d|t||_ |j j |_t |jdut |jdu}|dkre|jdurct d dS|d krmt d |j j tjkr|jdur}t d t|jd krt dt|j}|d d|_t|dd }|ddM<|dd@dB|d<tj|dd|_dS|j j tjkr |jdurt d t|jdkrt dt|jd}|dd|_t|dd}|ddM<|ddO<d|d<tj|dd|_dS|j j tjkrL|jdurt d t|jd kr+t dt|j}|ddM<|dd@dB|d<tj|dd|_dS|j j tjkr|jdur^t d t|jdkrjt dt|j}|ddM<|ddO<tj|dd|_dS|jdurt dt|j|_d|jkr|j jkst d t d dS)!aCreate a new ECC key Keywords: curve : string The name of the curve. d : integer Mandatory for a private key one NIST P curves. It must be in the range ``[1..order-1]``. seed : bytes Mandatory for a private key on Ed25519 (32 bytes), Curve25519 (32 bytes), Curve448 (56 bytes) or Ed448 (57 bytes). point : EccPoint or EccXPoint Mandatory for a public key. If provided for a private key, the implementation will NOT check whether it matches ``d``. Only one parameter among ``d``, ``seed`` or ``point`` may be used. curveNdseedpointUnknown parameters: zUnsupported curve (%s)rzGAt lest one between parameters 'point', 'd' or 'seed' must be specifiedz,Parameters d and seed are mutually exclusivez/Parameter d can only be used with NIST P curves z0Parameter seed must be 32 bytes long for Ed25519@little byteorder9z.Parameter seed must be 57 bytes long for Ed448r78z3Parameter seed must be 32 bytes long for Curve25519z1Parameter seed must be 56 bytes long for Curve448z2Parameter 'seed' cannot be used with NIST P-curvesrz;Parameter d must be an integer smaller than the curve order)dictpop_d_seed_pointr TypeErrorstrr ValueError_curve canonicalintid_CurveIDED25519lenrnewdigest_prefix bytearrayr from_bytesED448rread CURVE25519CURVE448order)selfkwargskwargs_ curve_namecount seed_hashtmprrr__init__Qs             zEccKey.__init__cCs.t|tsdS||krdS|j|jkS)NF) isinstancer has_privatepointQ)rLotherrrr__eq__s  z EccKey.__eq__cCs|r|jjrdtt|j}n dt|j}nd}|jj t j t j fvr6|j j}d|jj||f}|S|j j\}}d|jj|||f}|S)Nz , seed=%sz, d=%dz EccKey(curve='%s', point_x=%d%s)z,EccKey(curve='%s', point_x=%d, point_y=%d%s))rUr; is_edwardsrbinasciihexlifyr6r=r5r>r?rIrJrVxr<xy)rLextrar]resultyrrr__repr__s  zEccKey.__repr__cCs |jduS)zJ``True`` if this key can be used for making signatures or decrypting data.N)r5rLrrrrUs zEccKey.has_privatec Csd|kr |jjksJJ|jj}tjd|d}|j|}|||}|jj|j|}||||||}||fS)Nrr) min_inclusive max_exclusive)r;rKr random_ranger5inverseGr]) rLzkrKblindblind_d inv_blind_krsrrr_signs  z EccKey._signcCsR|jj}|d|}|jj|||}|j||d|}||j|dkS)Nrr)r;rKrgrhrVr])rLrirsrKsinvpoint1point2rrr_verifys zEccKey._verifycC|std|jSNzThis is not a private ECC key)rUr:r5rcrrrr zEccKey.dcCrvrw)rUr:r6rcrrrr!rxz EccKey.seedcCs |jdur |jj|j|_|jSN)r7r;rhr5rcrrrrVs z EccKey.pointQcCst|jj|jdS)z^A matching ECC public key. Returns: a new :class:`EccKey` object )rr")rr;r<rVrcrrr public_keyszEccKey.public_keycCsn|jjstd|j}|r%|jjrd}nd}||jj|}|Sd|jj||jj|}|S)Nz/SEC1 format is only supported for NIST P curves) r;is_weierstrassr:rV size_in_bytesrais_oddr]to_bytes)rLcompress modulus_bytes first_byterzrrr _export_SEC1s"     zEccKey._export_SEC1cCs|jj\}}|jjtjkr&t|jddd}|d@d>|dB|d<t |S|jjtjkrBt|jddd}|d@d>|d<t |St d ) Nr%r*r+rr'r-r2zNot an EdDSA key to export) rVr^r;r>r?r@rErrGr:bytes)rLr]rar`rrr_export_eddsa_public s zEccKey._export_eddsa_publiccCs<|jjstd|jj}|j}t|j|dd}t|S)NzNot a Montgomery key to exportr*r+) r; is_montgomeryr:rVr]rrErr)rLr] field_sizer`rrr_export_montgomery_public,s  z EccKey._export_montgomery_publiccCsb|jjr|jj}|}d}n|jjr|jj}|}d}n d}||}t|jj}t|||S)N1.2.840.10045.2.1) r;rZoidrrrrr r)rLrrrzparamsrrr_export_subjectPublicKeyInfo4s  z#EccKey._export_subjectPublicKeyInfoTcCsx|sJ|j}d|jj||jj|}dt|j|t|j j ddt |ddg}|s6|d=t | S)Nr}rrexplicitr$)rUrVrr]rrar r r r;rr r encode)rLinclude_ec_paramsrrzseqrrr_export_rfc5915_private_derFs      z"EccKey._export_rfc5915_private_dercKsddlm}|dddurd|vrtd|jdur)|jj}t|j}d}nd}|j dd}t |jj}|j ||fd |i|}|S) NrPKCS8 passphrase protectionz3At least the 'protection' parameter must be presentrF)r key_params) Crypto.IOrgetr:r6r;rr rrr wrap)rLrMrr private_keyrr`rrr _export_pkcs8as$    zEccKey._export_pkcs8cCs"ddlm}||}||dS)NrPEMz PUBLIC KEY)rrrr)rLrr encoded_derrrr_export_public_pemvs   zEccKey._export_public_pemcKs*ddlm}|}|j|d|fi|S)NrrzEC PRIVATE KEY)rrrrrLrrMrrrrr_export_private_pem|s zEccKey._export_private_pemcCs ddlm}|}||dS)Nrrz PRIVATE KEY)rrrr)rLrrrrr(_export_private_clear_pkcs8_in_clear_pems  z/EccKey._export_private_clear_pkcs8_in_clear_pemcKsDddlm}|s Jd|vrtd|jdd|i|}||dS)Nrrrz5At least the 'protection' parameter should be presentrzENCRYPTED PRIVATE KEYr)rrr:rrrrrr,_export_private_encrypted_pkcs8_in_clear_pems  z3EccKey._export_private_encrypted_pkcs8_in_clear_pemc Cs|rtd|jj}|durtd|j|dkr(|}t|t|f}n;|j}|rCd|jj }t ||jj |}nd|jj ||jj |}|dd}t|t||f}ddd |D}|d tt|S) Nz"Cannot export OpenSSH private keysz Cannot export %s keys as OpenSSH ssh-ed25519r$r}-cSs g|] }tdt||qS)>I)structpackrA).0r]rrr s z*EccKey._export_openssh.. )rUr:r;opensshrrrrVrrarrr]rsplitjoinrr[ b2a_base64) rLrdescrzcompsrrmiddleblobrrr_export_opensshs.    zEccKey._export_opensshcKs|}|d}|dvrtd||dd}|r|dd}t|r1t|}|s1td|d d }|durS|jjrCtd |jjrKtd d |vrStd|dkrq|rh|rd|j |fi|S| S|j |fi|S|dkr|r}|s}td|r|j dd|i|S| Std||rtd||dkr||S|dkr||S|dkr||S|dkr|jjr|S|jjr|S||S||S)aExport this ECC key. Args: format (string): The output format: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure defined in `RFC5480`_ will be used. For a private key, the ASN.1 ``ECPrivateKey`` structure defined in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, see the ``use_pkcs8`` flag below). - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format (ASCII, public keys only). - ``'SEC1'``. The public key (i.e., the EC point) will be encoded into ``bytes`` according to Section 2.3.3 of `SEC1`_ (which is a subset of the older X9.62 ITU standard). Only for NIST P-curves. - ``'raw'``. The public key will be encoded as ``bytes``, without any metadata. * For NIST P-curves: equivalent to ``'SEC1'``. * For Ed25519 and Ed448: ``bytes`` in the format defined in `RFC8032`_. * For Curve25519 and Curve448: ``bytes`` in the format defined in `RFC7748`_. passphrase (bytes or string): (*Private keys only*) The passphrase to protect the private key. use_pkcs8 (boolean): (*Private keys only*) If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. It must be ``True`` for Ed25519, Ed448, Curve25519, and Curve448. If ``False`` and a passphrase is present, the obsolete PEM encryption will be used. protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be present, For all possible protection schemes, refer to :ref:`the encryption parameters of PKCS#8`. It is recommended to use ``'PBKDF2WithHMAC-SHA512AndAES128-CBC'``. compress (boolean): If ``True``, the method returns a more compact representation of the public key, with the X-coordinate only. If ``False`` (default), the method returns the full public key. This parameter is ignored for Ed25519/Ed448/Curve25519/Curve448, as compression is mandatory. prot_params (dict): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this dictionary contains the parameters to use to derive the encryption key from the passphrase. For all possible values, refer to :ref:`the encryption parameters of PKCS#8`. The recommendation is to use ``{'iteration_count':21000}`` for PBKDF2, and ``{'iteration_count':131072}`` for scrypt. .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! .. note:: When exporting a private key with password-protection and `PKCS#8`_ (both ``DER`` and ``PEM`` formats), any extra parameters to ``export_key()`` will be passed to :mod:`Crypto.IO.PKCS8`. .. _PEM: http://www.ietf.org/rfc/rfc1421.txt .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt .. _RFC5480: https://tools.ietf.org/html/rfc5480 .. _SEC1: https://www.secg.org/sec1-v2.pdf .. _RFC7748: https://tools.ietf.org/html/rfc7748 Returns: A multi-line string (for ``'PEM'`` and ``'OpenSSH'``) or ``bytes`` (for ``'DER'``, ``'SEC1'``, and ``'raw'``) with the encoded key. format)rDEROpenSSHSEC1rawzUnknown format '%s'rFrNzEmpty passphrase use_pkcs8Tz%'pkcs8' must be True for EdDSA curvesz#'pkcs8' must be True for Curve25519rz)'protection' is only supported for PKCS#8rrz8Private keys can only be encrpyted with DER using PKCS#8z2Private keys cannot be exported in the '%s' formatzUnexpected parameters: '%s'rrr)copyr4r:rUrrr;rZrrrrrrrrrrrr)rLrMargs ext_formatrrrrrr export_keysbZ           zEccKey.export_keyN)T)rrr__doc__rSrXrbrUrprupropertyr r!rVrzrrrrrrrrrrrrrrrrr;s6b        rcKs|d}t|}|dt}|rtdt|t|jtjkr-|d}t||d}|St|jtj krA|d}t||d}|St|jtj kr]|d}t||d}t| |j |St|jtj kry|d}t||d}t| |j |Stjd|j|d }t||d }|S) a1Generate a new private key on the given curve. Args: curve (string): Mandatory. It must be a curve name defined in the `ECC table`_. randfunc (callable): Optional. The RNG to read randomness from. If ``None``, :func:`Crypto.Random.get_random_bytes` is used. rrandfuncr#r%rr!r-r2r)rdrer)rr )r4rrr8r9r>r?r@rrGrIvalidaterVrJrrfrK)rMrOrrr!new_keyr rrrgenerateFs:        rcKs|d}t|}|dd}|dd}d|vrtd|jtjkr<|dur-t|||d<tdi|}||j |S|jtj kr\|durMt|||d<tdi|}||j |Sd||fvrjt ||||d<tdi|}| rd|vr|j |j}|j||fkrtd|S) aBuild a new ECC key (private or public) starting from some base components. In most cases, you will already have an existing key which you can read in with :func:`import_key` instead of this function. Args: curve (string): Mandatory. The name of the elliptic curve, as defined in the `ECC table`_. d (integer): Mandatory for a private key and a NIST P-curve (e.g., P-256). It must be an integer in the range ``[1..order-1]``. seed (bytes): Mandatory for a private key and curves Ed25519 (32 bytes), Curve25519 (32 bytes), Curve448 (56 bytes) and Ed448 (57 bytes). point_x (integer): The X coordinate (affine) of the ECC point. Mandatory for a public key. point_y (integer): The Y coordinate (affine) of the ECC point. Mandatory for a public key, except for Curve25519 and Curve448. Returns: :class:`EccKey` : a new ECC key object rpoint_xNpoint_yr"zUnknown keyword: pointz(Private and public ECC keys do not matchr)rr4r8r>r?rIrrrrVrJrrUrhr r^r:)rMrOrrrrpub_keyrrr constructps4!        rc CsPtD]\}}|r|j|krn||krnq|r td|td||j}t|d}|dkrZt|dd|krCtdt |d|d}t ||dd}nG|d vrt|d|krjtdt |dd}|d |d |j  |j}|dkr| r|j|}|d kr|r|j|}ntd t|||d S) aConvert an encoded EC point into an EccKey object ec_point: byte string with the EC point (SEC1-encoded) curve_oid: string with the name the curve curve_name: string with the OID of the curve Either curve_id or curve_name must be specified Unsupported ECC curve (OID: %s)zUnsupported ECC curve (%s)rrr$zIncorrect EC point lengthNr$rzIncorrect EC point encodingrrr)ritemsrrprrrAr:rrFbsqrtris_evenr) ec_point curve_oidrO _curve_namerr point_typer]rarrr_import_public_ders8      rcGst|\}}}d}dtfdtfd}dtfdtfd}||vrB|s'td|z t|j}Wn ty;td wt ||d S||vra||\} } |rTtd || |\} } t | | | d S||vr}||\} } |rstd || |} t | | d St d|)z4Convert a subjectPublicKeyInfo into an EccKey objectrz 1.3.132.1.12z 1.3.132.1.13Ed25519Ed448z 1.3.101.112z 1.3.101.113 Curve25519Curve448z 1.3.101.110z 1.3.101.111z%Missing ECC parameters for ECC OID %szError decoding namedCurverz(Unexpected ECC parameters for ECC OID %s)rrr)rrzUnsupported ECC OID: %s) r _import_ed25519_public_key_import_ed448_public_key_import_curve25519_public_key_import_curve448_public_keyr:r decodevaluerrr)encodedrMrrr nist_p_oids eddsa_oidsxdh_oidsrrOimport_eddsa_public_keyr]raimport_xdh_public_keyrrr_import_subjectPublicKeyInfos<          rcCsrtj|dd}|ddkrtdt|dj}d}|t|krLztdd||j}|dur;||kr;td|}|d7}Wn tyKYnw|durTtd t D] \}}|j |krcnqXt d ||j } t|| krytd d} } |t|krztdd||j} t| |d } | jj} | jj} |d7}Wn tyYnwt|}t||| | d S)Nr$rr) nr_elementsrrz!Incorrect ECC private key versionr$rzCurve mismatchzNo curve foundrzPrivate key is too smallr)rr rr)r rr:r payloadrAr rrrrrrrr rrVr]rarrFr)rrrec_private_key scalar_bytes next_element parametersrOrrrrpublic_key_encrzr rrr_import_rfc5915_der2sL             rc Csddlm}|||\}}}d}ddd}ddd }||vr,t|j} t||| S||vrI|dur8td d} t|j } t ||| d S||vrl||} |dur[td | d} t|j } t ||| d St d |)Nrrrrrrrrrz.EdDSA ECC private key must not have parametersrz+%s ECC private key must not have parametersz!Unsupported ECC purpose (OID: %s)) rrunwrapr rrrr:r rrr) rrralgo_oidrrrrrrr!rOrrr _import_pkcs8ms8   rcGst|}t|Sry)rr)rrMsp_inforrr_import_x509_certsrc Cszt||WSty}z|d}~wtttfyYnwzt||WSty4}z|d}~wtttfy?Ynwzt||WStyT}z|d}~wtttfy_Ynwzt||WStyt}z|d}~wtttfyYtdw)NzNot an ECC DER key)rrr:r8 IndexErrorrrr)rrerrrrr _import_dersB    rc Cs|d}t|dvrtdzt|d}g}t|dkrDtd|ddd}||dd||d|d}t|dks|d|dkrPtd|dd rt D]#\}}|j dureq[|j d slq[t |j d d }|d|kr~nq[td |t |d |jd}W|S|ddkrt|d\} } td| | d}W|Std|dtttjfytd|dw)N rzNot an openssh public keyrrrrzMismatch in openssh public key ecdsa-sha2- ecdsa-sha2rr$zUnsupported ECC curve: r ssh-ed25519rrzUnsupported SSH key type: zError parsing SSH key type: )rrAr:r[ a2b_base64runpackappend startswithrrrrrrrrrr8Error) rparts keystringkeypartslkrOrrecc_keyr]rarrr_import_openssh_publicsD         rcCsddlm}m}m}m}|||\}}ddtdfi}|dr||\} }| tvr/td| t| } | j dd } ||\} }t | d d krLt d t | d | dkrZt dt | dd| } t | d| d}||\}}t |}|| d}n/||vr||\}}}||\} }|| \} }||\}}|d|}||d}nt d|||\}}||td| |d|S)Nr)import_openssh_private_generic read_bytes read_string check_paddingrrr%rzUnsupported ECC curve %srrrz/Only uncompressed OpenSSH EC keys are supportedr$zIncorrect public key length)r r)r!rzUnsupport SSH agent key type:)rrr)_opensshrrrrrr rr modulus_bitsrr:rArrFr)datapasswordrrrrkey_type decrypted eddsa_keysecdsa_curve_namerrrzrrrr rrOrseed_lenprivate_public_keyr!_paddedrrr_import_openssh_private_eccs>               r$c Cst|dkr tdtd}d}t|}|dd?}|ddM<tj|dd }||kr1td |d kr7d S|d d |}|d ||d |}z%||}|||} t| |} | d @|krl|| } W| |fSW| |fSty{tdw)aiImport an Ed25519 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed25519 public key to import. It must be 32 bytes long. Returns: x and y (integer) Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 r%z9Incorrect length. Only Ed25519 public keys are supported.llx&(7Z/ ;(P8se:8 w6Rr'rr(r*r+zInvalid Ed25519 key (y)rrrr$zInvalid Ed25519 public key)rAr:rrErFrg_tonelli_shanks rrr rax_lsbruvv_invx2rrrrr!s4        rcCs>t|dkr tdt|}|ddM<tj|dd}|S)ahImport a Curve25519 ECC public key, encoded as raw bytes as described in RFC7748_. Args: encoded (bytes): The Curve25519 public key to import. It must be 32 bytes long. Returns: x (integer) Raises: ValueError: when the given key cannot be parsed. .. _RFC7748: https://datatracker.ietf.org/doc/html/rfc7748 r%zIncorrect Curve25519 key lengthr'r(r*r+)rAr:rErrF)rr]rrrrrNs rcCs&t|dkr tdtj|dd}|S)adImport a Curve448 ECC public key, encoded as raw bytes as described in RFC7748_. Args: encoded (bytes): The Curve448 public key to import. It must be 56 bytes long. Returns: x (integer) Raises: ValueError: when the given key cannot be parsed. .. _RFC7748: https://datatracker.ietf.org/doc/html/rfc7748 r2zIncorrect Curve448 key lengthr*r+)rAr:rrF)rrrrrrjs rc Cst|dkr tdtdj}|d}|dd}t|dd?}tj|dd }||kr0td |d kr6d S|d d |}|d ||d |}z%||}|||} t| |} | d @|krk|| } W| |fSW| |fStyztdw)agImport an Ed448 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed448 public key to import. It must be 57 bytes long. Returns: x and y (integer) Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 r-z7Incorrect length. Only Ed448 public keys are supported.curve448iNr2rr*r+zInvalid Ed448 key (y)rr%r$zInvalid Ed448 public key) rAr:rrrrrFrgr&r'rrrrs2         rc Cs`ddlm}t|}|durt|}|dr+t|}|||\}}}t||}|S|drtt|}d} d} tj| d| d |tj d }|||\} }}|rSd}zt | |}W|St yi} z| d} ~ wt yst d w|d r}t |St|dkrt|dd krt ||St|dkrt|ddvr|durt dt||dSt d)ap Import an ECC key (public or private). Args: encoded (bytes or multi-line string): The ECC key to import. The function will try to automatically detect the right format. Supported formats for an ECC **public** key: * X.509 certificate: binary (DER) or ASCII (PEM). * X.509 ``subjectPublicKeyInfo``: binary (DER) or ASCII (PEM). * SEC1_ (or X9.62), as ``bytes``. NIST P curves only. You must also provide the ``curve_name`` (with a value from the `ECC table`_) * OpenSSH line, defined in RFC5656_ and RFC8709_ (ASCII). This is normally the content of files like ``~/.ssh/id_ecdsa.pub``. Supported formats for an ECC **private** key: * A binary ``ECPrivateKey`` structure, as defined in `RFC5915`_ (DER). NIST P curves only. * A `PKCS#8`_ structure (or the more recent Asymmetric Key Package, RFC5958_): binary (DER) or ASCII (PEM). * `OpenSSH 6.5`_ and newer versions (ASCII). Private keys can be in the clear or password-protected. For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (byte string): The passphrase to use for decrypting a private key. Encryption may be applied protected at the PEM level (not recommended) or at the PKCS#8 level (recommended). This parameter is ignored if the key in input is not encrypted. curve_name (string): For a SEC1 encoding only. This is the name of the curve, as defined in the `ECC table`_. .. note:: To import EdDSA private and public keys, when encoded as raw ``bytes``, use: * :func:`Crypto.Signature.eddsa.import_public_key`, or * :func:`Crypto.Signature.eddsa.import_private_key`. .. note:: To import X25519/X448 private and public keys, when encoded as raw ``bytes``, use: * :func:`Crypto.Protocol.DH.import_x25519_public_key` * :func:`Crypto.Protocol.DH.import_x25519_private_key` * :func:`Crypto.Protocol.DH.import_x448_public_key` * :func:`Crypto.Protocol.DH.import_x448_private_key` Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: https://datatracker.ietf.org/doc/html/rfc1421 .. _RFC1423: https://datatracker.ietf.org/doc/html/rfc1423 .. _RFC5915: https://datatracker.ietf.org/doc/html/rfc5915 .. _RFC5656: https://datatracker.ietf.org/doc/html/rfc5656 .. _RFC8709: https://datatracker.ietf.org/doc/html/rfc8709 .. _RFC5958: https://datatracker.ietf.org/doc/html/rfc5958 .. _`PKCS#8`: https://datatracker.ietf.org/doc/html/rfc5208 .. _`OpenSSH 6.5`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf .. _SEC1: https://www.secg.org/sec1-v2.pdf rrNs-----BEGIN OPENSSH PRIVATE KEYs-----z-----BEGIN EC PARAMETERS-----z-----END EC PARAMETERS-----z.*?rY)flagsz(Invalid DER encoding inside the PEM file)rr0rzNo curve name was provided)rOzECC key format is not supported)rrrr rrr$resubDOTALLrrr:rrArr) rrrOr text_encodedopenssh_encodedmarkerenc_flagr`ecparams_start ecparams_end der_encodeduefrrr import_keysL I        r;__main__l_,)N$c hKf-5lks^    * G8 C;(!.7- ,~